package org.yiqixue.orders;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.security.access.prepost.PreAuthorize;

@RestController
public class OrdersController {

    @GetMapping("/orders")
    @PreAuthorize("hasRole('USER')")
    public String getOrderDetails(@RequestParam String orderId) {
        return "Order details for order ID: " + orderId;
    }
}